Vulnerability Database

308,681

Total vulnerabilities in the database

CVE-2021-23135

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.

Published: May 12, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-23135
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
argoproj / argo_cd	1.7.0	1.7.14
argoproj / argo_cd	1.8.0	1.8.7

https://github.com/argoproj/argo-cd/security/advisories/GHSA-fp89-h8pj-8894

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo